AI chatbots have quietly become the world's most popular therapists, coaches, and confidants. Users of cloud-based LLM services are increasingly shifting from simple queries, such as idea generation and poem writing, to deeply personal interactions. As Large Language Models increasingly assume the role of our confessors, we are witnessing a massive, unregulated transfer of sensitive personally identifiable information (PII) to powerful tech companies with opaque privacy practices. While the enterprise sector has made great strides in addressing data leakage through sophisticated guardrails and PII redaction pipelines, these tools have remained functionally inaccessible to the average user because of their technical complexity. The result is a dangerous trade-off for individual users: to receive the therapeutic or productivity benefits of AI, they must give up whatever agency they might otherwise have over their data, often without a clear mental model of what is being shared and how it might later be used for advertising. This work addresses that interaction gap by packaging enterprise-grade redaction pipelines into an intuitive, first-of-its-kind, consumer-facing, and free experience. Specifically, it introduces a scalable, browser-based intervention designed to align user behavior with user privacy preferences during web-based AI interactions. The system introduces two key mechanisms: local entity anonymization to prevent data leakage, and 'smokescreens': autonomous agent activity that disrupts third-party profiling. An open-source implementation is available at the GitHub repository below.
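As an added illustration of the local entity anonymization mechanism (example code, not the paper's or the repository's own), here is a minimal browser-side anonymizer: detected entities are swapped for placeholders before a prompt leaves the device, the mapping stays in local memory, and the placeholders are reversed in the model's reply so the user still reads the real names. Entity detection is a constructed regex and name-list stand-in for an on-device NER model, and all sample data is constructed.

```javascript
// Local, reversible entity anonymization as a browser extension might apply it.
// Assumption: detection uses regexes plus a constructed name list in place of
// an on-device NER model; the mapping never leaves this closure (the device).

const EMAIL_RE = /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g;
const PHONE_RE = /\b\d{3}[-.\s]\d{3}[-.\s]\d{4}\b/g;
// Constructed stand-in for a local name dictionary or NER output.
const KNOWN_NAMES = ["Alice Johnson", "Dr. Patel"];

function createAnonymizer() {
  const forward = new Map();   // real value -> placeholder
  const reverse = new Map();   // placeholder -> real value
  const counters = {};         // per-kind numbering of placeholders

  // The same entity always maps to the same token, so the model can still
  // resolve references across a conversation without learning the value.
  function placeholderFor(value, kind) {
    if (!forward.has(value)) {
      counters[kind] = (counters[kind] || 0) + 1;
      const token = `[${kind}_${counters[kind]}]`;
      forward.set(value, token);
      reverse.set(token, value);
    }
    return forward.get(value);
  }

  // Applied to the prompt before it is sent to the cloud LLM.
  function anonymize(text) {
    let out = text;
    for (const name of KNOWN_NAMES) {
      out = out.split(name).join(placeholderFor(name, "PERSON"));
    }
    out = out.replace(EMAIL_RE, (m) => placeholderFor(m, "EMAIL"));
    out = out.replace(PHONE_RE, (m) => placeholderFor(m, "PHONE"));
    return out;
  }

  // Applied to the model's reply before it is shown to the user.
  function deanonymize(text) {
    return text.replace(/\[(PERSON|EMAIL|PHONE)_\d+\]/g, (t) => reverse.get(t) ?? t);
  }

  return { anonymize, deanonymize, mappingSize: () => forward.size };
}
```

Only the placeholder-bearing text crosses the network; the `forward`/`reverse` maps are the sensitive state and stay on the client.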